Log Correlation Engine Software Requirements

Version Software Requirements
  • An active LCE license
  • RHEL/CentOS 7.x, 64-bit

Additionally, while LCE is active, it requires exclusive access to certain ports. The only services that are required to support remote users are SSH and the LCE interface (lce). If other services are active on the system, conflicts should be avoided on the following default ports:

Ports LCE Receives (Listens) On
Port Description
514/UDP  Syslog
22/TCP SSH, for requests from Tenable.sc
601/TCP Syslog
1243/TCP Vulnerability detection, if enabled in Tenable.sc
6514/TCP Encrypted syslog
8836/TCP LCE Administrative Web UI
31300/TCP Events from LCE Clients
Ports LCE Sends On
514/UDPSyslog (forwarded)
443/TCPPull requests to the plugins feed at plugins.nessus.org
601/TCPSyslog (forwarded)
Ports LCE Uses Over Loopback Interface
7091/TCPInternal communication, showids to lce_queryd
7092/TCPInternal communication, lce_tasld to lced

Caution: The system running the LCE can operate a syslog daemon, but the syslog daemon must not be listening on the same port(s) that the LCE server is listening on.